=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.02.10 12:20:10 =~=~=~=~=~=~=~=~=~=~=~=
S6#
S6#
S6#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     17.0.0.0/24 is subnetted, 2 subnets
O       17.57.100.0 [110/792] via 180.40.7.129, 16:17:31, FastEthernet0/3
O       17.57.101.0 [110/783] via 180.40.7.129, 16:17:31, FastEthernet0/3
O    192.10.32.0/24 [110/2] via 180.40.7.98, 16:17:31, FastEthernet0/4
     180.40.0.0/16 is variably subnetted, 6 subnets, 2 masks
C       180.40.7.128/27 is directly connected, FastEthernet0/3
O       180.40.7.0/27 [110/782] via 180.40.7.129, 16:17:31, FastEthernet0/3
O       180.40.7.35/32 [110/782] via 180.40.7.129, 16:17:31, FastEthernet0/3
O       180.40.7.34/32 [110/782] via 180.40.7.129, 16:17:32, FastEthernet0/3
O       180.40.7.33/32 [110/1] via 180.40.7.129, 16:17:32, FastEthernet0/3
C       180.40.7.96/27 is directly connected, FastEthernet0/4
S6#ping 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
S6#
RACK13AS>4 5
[Resuming connection 5 to r5 ... ]
S5#ping 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/64 ms
S5#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
R4#
R4#
R4#
R4#sh run   | b line con
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
!
end
R4#sh clock
*16:48:36.939 UTC Mon Mar 1 1993
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ntp server ?
  Hostname or A.B.C.D  IP address of peer
  vrf                  VPN Routing/Forwarding Information
R4(config)#ntp server 192.10.32.254
R4(config)#do sh clock
*16:49:12.703 UTC Mon Mar 1 1993
R4(config)#do sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.10.32.254    0.0.0.0          16     -    64    0     0.0    0.00  16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#do sh ntp assclock ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.10.32.254    172.16.1.20       4     0    64    3     5.2   -0.06  7875.0
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#do sh ntp assclock
21:26:55.400 UTC Fri Feb 10 2006
R4(config)#ntp ?
  access-group        Control NTP access
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay      Estimated round-trip delay
  clock-period        Length of hardware clock tick
  master              Act as NTP master clock
  max-associations    Set maximum number of associations
  peer                Configure NTP peer
  server              Configure NTP server
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources
R4(config)#ntp au
R4(config)#ntp authenticati
R4(config)#ntp authentication-key ?
  <1-4294967295>  Key number
R4(config)#ntp authentication-key 1 ?
  md5  MD5 authentication
R4(config)#ntp authentication-key 1 md5 ?
  WORD  Authentication key
R4(config)#ntp authentication-key 1 md5 MyTime
R4(config)#ntp ?
  access-group        Control NTP access
  authenticate        Authenticate time sources
  authentication-key  Authentication key for trusted time sources
  broadcastdelay      Estimated round-trip delay
  clock-period        Length of hardware clock tick
  master              Act as NTP master clock
  max-associations    Set maximum number of associations
  peer                Configure NTP peer
  server              Configure NTP server
  source              Configure interface for source address
  trusted-key         Key numbers for trusted time sources
R4(config)#ntp tr
R4(config)#ntp trusted-key ?
  <1-4294967295>  Key number
R4(config)#ntp trusted-key 1
R4(config)#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ntp aut
R3(config)#ntp authenticati
R3(config)#ntp authentication-key 1 md5 MyTime
R3(config)#ntp ser
R3(config)#ntp server 180.40.7.98 ?
  key      Configure peer authentication key
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version
R3(config)#ntp server 180.40.7.98 key ?
  <0-4294967295>  Peer key number
R3(config)#ntp server 180.40.7.98 key 1  ?
  prefer   Prefer this peer when possible
  source   Interface for source address
  version  Configure NTP version
R3(config)#ntp server 180.40.7.98 key 1
R3(config)#end
R3#
*Mar 1 16:49:31.328: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ntp ass
R3#sh ntp associations
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5     0    64    3     4.2   -0.34  7875.1
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#sh ntp associations ?
  detail  Show detail
  |       Output modifiers
R3#sh ntp associations det
R3#sh ntp associations detail
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C7978428.D072B125 (21:29:12.814 UTC Fri Feb 10 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 338.90 msec, root disp 54.43, reach 377, sync dist 225.967
delay 4.06 msec, offset -0.2988 msec, dispersion 0.06
precision 2**18, version 3
org time C7978441.FBFC687A (21:29:37.984 UTC Fri Feb 10 2006)
rcv time C7978441.FC953D89 (21:29:37.986 UTC Fri Feb 10 2006)
xmt time C7978441.FB6D676A (21:29:37.982 UTC Fri Feb 10 2006)
filtdelay =     4.06    5.29    4.04    4.46    4.14    4.12    4.03    4.14
filtoffset =   -0.30    0.31   -0.24   -0.16   -0.31   -0.39   -0.35   -0.32
filterror =     0.02    0.03    0.05    0.06    0.08    0.09    0.11    0.12
R3#deb ntp
% Incomplete command.
R3#deb ntp ?
  adjust          NTP clock adjustments
  authentication  NTP authentication
  events          NTP events
  loopfilter      NTP loop filter
  packets         NTP packets
  params          NTP clock parameters
  refclock        NTP reference clocks
  select          NTP clock selection
  sync            NTP clock synchronization
  validity        NTP peer clock validity
R3#deb ntp authe
R3#deb ntp authentication ?
R3#deb ntp authentication
NTP authentication debugging is on
R3#clea ntp ?
% Unrecognized command
R3#clea ntp  \         config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#endntp server 180.40.7.98 key 1 nntp server 180.40.7.98 key 1 ontp server 180.40.7.98 key 1  ntp server 180.40.7.98 key 1
R3(config)#no ntp server 180.40.7.98 key 1 end ntp server 180.40.7.98 key 1
R3(config)#do sh log
Syslog logging: enabled (9 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled)
    Console logging: level debugging, 47 messages logged, xml disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled
    Buffer logging: disabled, xml disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 53 message lines logged
R3(config)#
.Feb 10 21:31:19.881: Authentication key 1
Feb 10 21:31:20.879: Authentication key 1
R3(config)#
Feb 10 21:31:21.881: Authentication key 1
Feb 10 21:31:22.882: Authentication key 1
R3(config)#
Feb 10 21:31:23.880: Authentication key 1
Feb 10 21:31:24.882: Authentication key 1
R3(config)#
Feb 10 21:31:25.879: Authentication key 1
Feb 10 21:31:26.881: Authentication key 1
R3(config)#
Feb 10 21:31:27.882: Authentication key 1
Feb 10 21:31:28.880: Authentication key 1
R3(config)#do u all
All possible debugging has been turned off
R3(config)#
Feb 10 21:31:29.882: Authentication key 1
R3(config)#^Z
R3# sh
Feb 10 21:31:47.767: %SYS-5-CONFIG_I: Configured from console by console
R3# sh run | i ntp
ntp authentication-key 1 md5 1063102D0C1A17 7
ntp server 180.40.7.98 key 1
R3#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#ntp trusted-key 1nntp trusted-key 1ontp trusted-key 1 ntp trusted-key 1
R4(config)#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#do sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.10.32.254    172.16.1.20       4    25    64  377     5.2    2.08     0.6
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R4(config)#do sh ntp assno ntp trusted-key 1do sh ntp ass
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#sh  sh run | i ntpconfig t deb ntp authentication det
^
% Invalid input detected at '^' marker.
R3#deb ntp authentication det   deb ntp authentication det sh run | i ntp deb ntp authentication det
NTP authentication debugging is on
R3#do  sh b ntp ad ss det
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C7978528.D0B7DD91 (21:33:28.815 UTC Fri Feb 10 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 338.88 msec, root disp 59.16, reach 377, sync dist 232.315
delay 4.07 msec, offset 3.8468 msec, dispersion 1.68
precision 2**18, version 3
org time C7978536.E2189770 (21:33:42.883 UTC Fri Feb 10 2006)
rcv time C7978536.E1A24FDD (21:33:42.881 UTC Fri Feb 10 2006)
xmt time C7978536.E0798D74 (21:33:42.876 UTC Fri Feb 10 2006)
filtdelay =     4.07    4.17    4.10    4.18    4.06    4.07    4.01    4.09
filtoffset =    3.85    2.60    1.78    1.69    1.72    1.71    1.64    1.73
filterror =     0.02    0.99    1.97    1.98    2.00    2.01    2.03    2.04
R3#q config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#do u allsh logntp server 180.40.7.98 key 1 o ntp server 180.40.7.98 key 1
R3(config)#no ntp server 180.40.7.98 key 1 do u all sh logntp server 180.40.7.98 key 1
R3(config)#
.Feb 10 21:34:27.882: Authentication key 1
Feb 10 21:34:28.880: Authentication key 1
R3(config)#
Feb 10 21:34:29.882: Authentication key 1
Feb 10 21:34:30.883: Authentication key 1
R3(config)#
Feb 10 21:34:31.881: Authentication key 1
R3(config)#
Feb 10 21:34:32.883: Authentication key 1
Feb 10 21:34:33.880: Authentication key 1
R3(config)#
Feb 10 21:34:34.882: Authentication key 1
R3(config)#
Feb 10 21:34:35.883: Authentication key 1
Feb 10 21:34:36.881: Authentication key 1
R3(config)#
Feb 10 21:34:37.887: Authentication key 1
Feb 10 21:34:38.880: Authentication key 1
R3(config)#
Feb 10 21:34:39.882: Authentication key 1
Feb 10 21:34:40.880: Authentication key 1
R3(config)#
Feb 10 21:34:41.881: Authentication key 1
Feb 10 21:34:42.883: Authentication key 1
R3(config)#^Z
R3# u all
% Ambiguous command: " u all"
R3#
Feb 10 21:35:17.548: %SYS-5-CONFIG_I: Configured from console by console
R3#u all
All possible debugging has been turned off
R3#sh run | i ntp
ntp authentication-key 1 md5 1063102D0C1A17 7
ntp clock-period 17208080
ntp server 180.40.7.98 key 1
R3#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#^Z
R4#sh run |
Feb 10 21:36:03.206: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run | i ntp
ntp authentication-key 1 md5 013E1F30520603 7
ntp clock-period 17179871
ntp server 192.10.32.254
R4#
R4#
R4#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#sh ntp add    ss det
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C79785E8.D106EC8D (21:36:40.816 UTC Fri Feb 10 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 338.85 msec, root disp 61.29, reach 377, sync dist 234.299
delay 4.12 msec, offset 6.2510 msec, dispersion 1.53
precision 2**18, version 3
org time C79785F2.E315244A (21:36:50.887 UTC Fri Feb 10 2006)
rcv time C79785F2.E202F5EF (21:36:50.882 UTC Fri Feb 10 2006)
xmt time C79785F2.E0D6C12E (21:36:50.878 UTC Fri Feb 10 2006)
filtdelay =     4.12    3.95    4.07    4.09    4.10    4.17    4.14    4.01
filtoffset =    6.25    4.99    4.46    4.42    4.46    4.40    4.41    4.39
filterror =     0.02    0.99    1.97    1.98    2.00    2.01    2.03    2.04
R3#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#do sh ntp assno ntp trusted-key 1tp trusted-key 1 authentication-key 1 md5 MyTimenntp authentication-key 1 md5 MyTimeontp authentication-key 1 md5 MyTime ntp authentication-key 1 md5 MyTime
R4(config)#no ntp authentication-key 1 md5 MyTimeno ntp authentication-key 1 md5 MyTime  ntp authentication-key 1 md5 MyTime
R4(config)#^Z
R4#
Feb 10 21:38:26.039: %SYS-5-CONFIG_I: Configured from console by console
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)# ntp authentication-key 1 md5 MyTimeno ntp authentication-key 1 md5 MyTime
R4(config)#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#sh ntp add   s ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5    57    64  377     4.1    6.58     1.1
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#
R3#sh ntp ass de
180.40.7.98 configured, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C7978668.D1465581 (21:38:48.817 UTC Fri Feb 10 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 338.90 msec, root disp 62.39, reach 377, sync dist 234.741
delay 4.09 msec, offset 6.8897 msec, dispersion 0.85
precision 2**18, version 3
org time C7978672.E431B0F5 (21:38:58.891 UTC Fri Feb 10 2006)
rcv time C7978672.E2F47B02 (21:38:58.886 UTC Fri Feb 10 2006)
xmt time C7978672.E1D7A4A7 (21:38:58.882 UTC Fri Feb 10 2006)
filtdelay =     4.09    4.10    4.12    3.95    4.07    4.09    4.10    4.17
filtoffset =    6.89    6.58    6.25    4.99    4.46    4.42    4.46    4.40
filterror =     0.02    0.99    1.97    2.94    3.92    3.94    3.95    3.97
R3#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
R4(config)#no ntp authentication-key 1 md5 MyTime ntp authentication-key 1 md5 MyTime
R4(config)#^Z
R4#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#sh ntp ass de  de
180.40.7.98 configured, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C7978668.D1465581 (21:38:48.817 UTC Fri Feb 10 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 338.90 msec, root disp 62.39, reach 377, sync dist 234.741
delay 4.09 msec, offset 6.8897 msec, dispersion 0.85
precision 2**18, version 3
org time C7978672.E431B0F5 (21:38:58.891 UTC Fri Feb 10 2006)
rcv time C7978672.E2F47B02 (21:38:58.886 UTC Fri Feb 10 2006)
xmt time C7978672.E1D7A4A7 (21:38:58.882 UTC Fri Feb 10 2006)
filtdelay =     4.09    4.10    4.12    3.95    4.07    4.09    4.10    4.17
filtoffset =    6.89    6.58    6.25    4.99    4.46    4.42    4.46    4.40
filterror =     0.02    0.99    1.97    2.94    3.92    3.94    3.95    3.97
R3#dev b ntp auth
NTP authentication debugging is on
R3#deb ntp authsh ntp ass de
Feb 10 21:40:02.883: Authentication key 1
R3#sh ntp ass dedeb ntp auth sh ntp ass de
180.40.7.98 configured, authenticated, our_master, sane, valid, stratum 5
ref ID 192.10.32.254, time C79786A8.D166A88A (21:39:52.817 UTC Fri Feb 10 2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 340.38 msec, root disp 65.75, reach 377, sync dist 238.602
delay 4.10 msec, offset 7.0930 msec, dispersion 0.61
precision 2**18, version 3
org time C79786B2.E3CBEAB0 (21:40:02.889 UTC Fri Feb 10 2006)
rcv time C79786B2.E281F2C2 (21:40:02.884 UTC Fri Feb 10 2006)
xmt time C79786B2.E15679C1 (21:40:02.880 UTC Fri Feb 10 2006)
filtdelay =     4.10    4.09    4.10    4.12    3.95    4.07    4.09    4.10
filtoffset =    7.09    6.89    6.58    6.25    4.99    4.46    4.42    4.46
filterror =     0.02    0.99    1.97    2.94    3.92    4.90    4.91    4.93
R3#u all
All possible debugging has been turned off
R3#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
Feb
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#do sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (2 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255 (3 matches)
R4(config)#access-list 100 per udp any any eq ntp
R4(config)#access-list 100 den ip any any log
R4(config)#ip in
R4(config)#ip inspect ?
  alert-off       Disable alert
  audit-trail     Enable the logging of session information (addresses and bytes)
  dns-timeout     Specify timeout for DNS
  hashtable-size  Specify size of hashtable
  max-incomplete  Specify maximum number of incomplete connections before clamping
  name            Specify an inspection rule
  one-minute      Specify one-minute-sample watermarks for clamping
  tcp             Config timeout values for tcp connections
  udp             Config timeout values for udp flows
R4(config)#ip inspect name ?
  WORD  Name of inspection defined
R4(config)#ip inspect name Prob2 ?
  cuseeme      CUSeeMe Protocol
  fragment     IP fragment inspection
  ftp          File Transfer Protocol
  h323         H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http         HTTP Protocol
  icmp         ICMP Protocol
  netshow      Microsoft NetShow Protocol
  rcmd         R commands (r-exec, r-login, r-sh)
  realaudio    Real Audio Protocol
  rpc          Remote Prodedure Call Protocol
  rtsp         Real Time Streaming Protocol
  sip          SIP Protocol
  skinny       Skinny Client Control Protocol
  smtp         Simple Mail Transfer Protocol
  sqlnet       SQL Net Protocol
  streamworks  StreamWorks Protocol
  tcp          Transmission Control Protocol
  tftp         TFTP Protocol
  udp          User Datagram Protocol
  vdolive      VDOLive Protocol
R4(config)#ip inspect name Prob2 tcp
R4(config)#ip inspect name Prob2 tcp   udp
R4(config)#ip inspect name Prob2 udp   h323
R4(config)#int atm 1. /0
R4(config-if)#ip a cce   acc
R4(config-if)#ip acce
R4(config-if)#ip access-group 100 in
R4(config-if)#ip in
R4(config-if)#ip insp
R4(config-if)#ip inspect Prob2 out
R4(config-if)#exit
R4(config)#ip intexit ip inspect Prob2 out  access-group 100 ininspect Prob2 out access-group 100 innt atm 1/0 p inspect name Prob2 h323    ?
  cuseeme      CUSeeMe Protocol
  fragment     IP fragment inspection
  ftp          File Transfer Protocol
  h323         H.323 Protocol (e.g, MS NetMeeting, Intel Video Phone)
  http         HTTP Protocol
  icmp         ICMP Protocol
  netshow      Microsoft NetShow Protocol
  rcmd         R commands (r-exec, r-login, r-sh)
  realaudio    Real Audio Protocol
  rpc          Remote Prodedure Call Protocol
  rtsp         Real Time Streaming Protocol
  sip          SIP Protocol
  skinny       Skinny Client Control Protocol
  smtp         Simple Mail Transfer Protocol
  sqlnet       SQL Net Protocol
  streamworks  StreamWorks Protocol
  tcp          Transmission Control Protocol
  tftp         TFTP Protocol
  udp          User Datagram Protocol
  vdolive      VDOLive Protocol
R4(config)#ip inspect name Prob2 icmp
R4(config)#
Feb 10 21:44:42.130: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(13120) -> 192.10.32.13(179), 1 packet
R4(config)#^Z
R4#
Feb 10 21:46:00.743: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run | b ip in
ip inspect name Prob2 tcp
ip inspect name Prob2 udp
ip inspect name Prob2 h323
ip inspect name Prob2 icmp
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
--More--   ip address 180.40.7.98 255.255.255.224
 ip nat inside
 duplex auto
 speed auto
!
interface ATM1/0
 ip address 192.10.32.13 255.255.255.0
 ip access-group 100 in
 ip nat outside
 ip inspect Prob2 out
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
--More--  !
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
access-list 100 permit udp any any eq ntp
access-list 100 deny ip any any log
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 no login
!
ntp authentication-key 1 md5 05261F3B28414B 7
--More--
R4#4#sh run | b ip in
^
% Invalid input detected at '^' marker.
R4#R4#sh run | b ip in
^
% Invalid input detected at '^' marker.
R4#
R4#
Feb 10 21:46:42.171: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(13135) -> 192.10.32.13(179), 1 packet
R4#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1#xon   config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#snm
R1(config)#snmp?
snmp  snmp-server
R1(config)#snmp-s
R1(config)#snmp-server ?
  chassis-id        String to uniquely identify this chassis
  community         Enable SNMP; set community string and access privs
  contact           Text for mib object sysContact
  drop              Silently drop SNMP packets
  enable            Enable SNMP Traps or Informs
  engineID          Configure a local or remote SNMPv3 engineID
  group             Define a User Security Model group
  host              Specify hosts to receive SNMP notifications
  ifindex           Enable ifindex persistence
  inform            Configure SNMP Informs options
  location          Text for mib object sysLocation
  manager           Modify SNMP manager parameters
  packetsize        Largest SNMP packet size
  queue-length      Message queue length for each TRAP host
  source-interface  Assign an source interface
  system-shutdown   Enable use of the SNMP reload command
  tftp-server-list  Limit TFTP servers used via SNMP
  trap              SNMP trap options
  trap-source       Assign an interface for the source address of all traps
  trap-timeout      Set timeout for TRAP message retransmissions
  user              Define a user who can access the SNMP engine
  view              Define an SNMPv2 MIB view
--More--
R1(config)#snmp-server com
R1(config)#snmp-server community ?
  WORD  SNMP community string
R1(config)#snmp-server community WORD ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
  ro           Read-only access with this community string
  rw           Read-write access with this community string
  view         Restrict this community to a named MIB view
R1(config)#snmp-server community WORD                            pri
R1(config)#priv
R1(config)#privilege ?
  aaa-user                 AAA user definition
  accept-dialin            VPDN group accept dialin configuration mode
  accept-dialout           VPDN group accept dialout configuration mode
  address-family           Address Family configuration mode
  aic                      Alarm Interface Card configuration mode
  alps-ascu                ALPS ASCU configuration mode
  alps-circuit             ALPS circuit configuration mode
  bba-group                BBA Group configuration mode
  boomerang                Boomerang configuration mode
  cascustom                Cas custom configuration mode
  cause-code-list          Voice Cause Code List configuration mode
  ces-conn                 CES connection configuration mode
  ces-vc                   CES VC configuration mode
  cgma_agent               CGMA Agent Configuration Mode
  cm-fallback              cm-fallback configuration mode
  cns-connect-config       CNS Connect Info Mode
  cns-connect-intf-config  CNS Connect Intf Info Mode
  cns-tmpl-connect-config  CNS Template Connect Info Mode
  cns_inventory_submode    CNS Inventory SubMode
  config-rtr-http-rr       RTR HTTP raw request Configuration
  configure                Global configuration mode
  congestion               Frame Relay congestion configuration mode
--More--   controller      Controller configuration mode
  dhcp                     DHCP pool configuration mode
  enum_rule                enum configuration mode
  ephone                   ephone configuration mode
  ephone-dn                ephone-dn configuration mode
  exec                     Exec mode
  filterserver             AAA filter server definitions
  flow-cache               Flow aggregation cache config mode
  fr-fr                    FR/FR connection configuration mode
  frf5                     FR/ATM Network IWF configuration mode
  frf8                     FR/ATM Service IWF configuration mode
  gateway                  Gateway configuration mode
  gw-accounting-aaa        Gateway accounting aaa configuration mode
  interface                Interface configuration mode
  interface-dlci           Frame Relay dlci configuration mode
  interface-range          Interface range configuration mode
  ip-explicit-path         IP explicit path configuration mode
  ip-vrf                   Configure IP VRF parameters
  ipenacl                  IP named extended access-list configuration mode
  ipsnacl                  IP named simple access-list configuration mode
  ipv6-router              IPv6 router configuration mode
  ipv6acl                  IPv6 access-list configuration mode
  ipx-router               IPX router configuration mode
--More--
R1(config)#privilege config  ure ?
  all    All suboption will be set to the samelevel
  level  Set privilege level of command
  reset  Reset privilege level of command
R1(config)#privilege configure level ?
  <0-15>  Privilege level
R1(config)#privilege configure level 4 ?
  LINE  Initial keywords of the command to modify
R1(config)#privilege configure level 4 snmp-server community
R1(config)#prin vi exec level 4 confgi    ig t
R1(config)#privi ec xec level 4 show run
R1(config)#user ?
  WORD  User name
R1(config)#user JoeUser ?
  access-class       Restrict access by access-class
  autocommand        Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line      Associate a specific line with this callback
  callback-rotary    Associate a rotary group with this callback
  dnis               Do not require password when obtained via DNIS
  nocallback-verify  Do not require authentication after callback
  noescape           Prevent the user from using an escape character
  nohangup           Do not disconnect after an automatic command
  nopassword         No password is required for the user to log in
  password           Specify the password for the user
  privilege          Set user privilege level
  secret             Specify the secret for the user
  user-maxlinks      Limit the user's number of inbound links
R1(config)#user JoeUser priv
R1(config)#user JoeUser privilege ?
  <0-15>  User privilege level
R1(config)#user JoeUser privilege le  4 ?
  access-class       Restrict access by access-class
  autocommand        Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line      Associate a specific line with this callback
  callback-rotary    Associate a rotary group with this callback
  dnis               Do not require password when obtained via DNIS
  nocallback-verify  Do not require authentication after callback
  noescape           Prevent the user from using an escape character
  nohangup           Do not disconnect after an automatic command
  nopassword         No password is required for the user to log in
  password           Specify the password for the user
  privilege          Set user privilege level
  secret             Specify the secret for the user
  user-maxlinks      Limit the user's number of inbound links
R1(config)#user JoeUser privilege 4 pass cisco
R1(config)#line vy ty 0 4
R1(config-line)#loco  gin local
R1(config-line)#exit
R1(config)#user jb pass   riv 15 pass cisco
R1(config)#do sh run | b line vty 0
line vty 0 4
 privilege level 15
 login local
!
!
end
R1(config)#config t
^
% Invalid input detected at '^' marker.
R1(config)#i line vty 0 4
R1(config-line)#no privilege level 15
R1(config-line)#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
User Access Verification
Username: JoeUser
Password:
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#?
Configure commands:
  atm          Enable ATM SLM Statistics
  call         Configure Call parameters
  default      Set a command to its defaults
  end          Exit from configure mode
  exit         Exit from configure mode
  help         Description of the interactive help system
  no           Negate a command or set its defaults
  snmp-server  Modify SNMP engine parameters
R1(config)#snm
R1(config)#snmp-server ?
  community  Enable SNMP; set community string and access privs
R1(config)#snmp-server ci om
R1(config)#snmp-server community ?
  WORD  SNMP community string
R1(config)#snmp-server community test ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
R1(config)#snmp-server community test
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1(config-line)#no privilege level 15line vty 0 4 config t do sh run | b line vty 0 user jb priv 15 pass ciscoexit login localine vty 0 4user JoeUser privilege 4 pass ciscoprivi exec level 4 show run config tlege configure level 4 snmp-server community WORD ro
R1(config)#privilege configure level 4 snmp-server community WORD ro  rw
R1(config)#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
R1(config)#exit
R1#exi   config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#snm
R1(config)#snmp-server com
R1(config)#snmp-server community test ?
  <1-99>       Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community string
  ro           Read-only access with this community string
  rw           Read-write access with this community string
R1(config)#snmp-server community test ^Z
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#snmp-server community test ro
R1(config)#^Z
R1#sh run
Building configuration...
Current configuration : 83 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
snmp-server community test RO
!
end
R1#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
*Ma
R1(config)#^Z
R1#sh run |
*Mar 1 17:15:18.368: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b user
username JoeUser privilege 4 password 0 cisco
username jb privilege 15 password 0 cisco
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
--More--  !
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
ip classless
!
!
!
!
snmp-server community test RO
!
!
!
privilege configure level 4 snmp-server community
privilege configure level 4 snmp-server
privilege exec level 4 configure terminal
privilege exec level 4 configure
--More--  privilege exec level 4 show running-config
--More--  privilege exec level 4 show
--More--  !
--More--  line con 0
--More--   exec-timeout 0 0
--More--   logging synchronous
--More--  line aux 0
--More--
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#no privilege exec level 4 configure terminal
R1(config)#no privilege exec level 4 configure
R1(config)#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
R1#config t
^
% Invalid input detected at '^' marker.
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#no privilege exec level 4 configure terminalno privilege exec level 4 configure terminal  privilege exec level 4 configure terminal
R1(config)#^Z
R1#
*Mar 1 17:20:31.377: %SYS-5-CONFIG_I: Configured from console by console
R1#sh privi
Current privilege level is 15
R1#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
User Access Verification
Username: JoeUser
Password:
R1#sh privi
Current privilege level is 4
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK13AS>2
[Resuming connection 2 to r2 ... ]
R2#sh access-list
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#tim
R2(config)#time-range ?
  WORD  Time range name
R2(config)#time-range Prob4
R2(config-time-range)#?
Time range configuration commands: absolute absolute time and date default Set a command to its defaults exit Exit from time-range configuration mode no Negate a command or set its defaults periodic periodic time and date R2(config-time-range)#per R2(config-time-range)#periodic ? Friday Friday Monday Monday Saturday Saturday Sunday Sunday Thursday Thursday Tuesday Tuesday Wednesday Wednesday daily Every day of the week weekdays Monday thru Friday weekend Saturday and Sunday R2(config-time-range)#periodic dail R2(config-time-range)#periodic daily ? hh:mm Starting time R2(config-time-range)#periodic daily 9:00 ? to ending day and time R2(config-time-range)#periodic daily 9:00 to 21  0 20:: 00 ? R2(config-time-range)#periodic daily 9:00 to 20:00 R2(config-time-range)#exit R2(config)#access-list 100 per ip any any tim R2(config)#access-list 100 per ip any any time-range Prob4 R2(config)#do sh clock *17:23:19.432 UTC Mon Mar 1 1993 R2(config)#do sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (active) R2(config)#line vty 0 4 R2(config-line)#acc R2(config-line)#access-class 100 in R2(config-line)#^Z R2# *Mar 1 17:23:52.030: %SYS-5-CONFIG_I: Configured from console by console R2#set clock ? % Unrecognized command R2#set clock           clock set ? hh:mm:ss Current Time R2#clock set 05:00 ? % Unrecognized command R2#clock set 05:00  :00 ? <1-31> Day of the month MONTH Month of the year R2#clock set 05:00:00 13 Aug ? <1993-2035> Year R2#clock set 05:00:00 13 Aug 2025 ? R2#clock set 05:00:00 13 Aug 2025 R2#sh access-list Extended IP access list 100 10 permit ip any any time-range Prob4 (inactive) R2# RACK13AS>5 [Resuming connection 5 to r5 ... ] S5#17.57.101.1 Trying 17.57.101.1 ... % Connection refused by remote host S5# RACK13AS>2 [Resuming connection 2 to r2 ... 
]
R2#no clock set 05:00:00 13 Aug 2025
^
% Invalid input detected at '^' marker.
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ntp serv 180.50.7.98
R2(config)#^Z
R2#sh
Aug 13 05:00:51.680: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.50.7.98      0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#no ntp serv 180.50.7.98
R2(config)#ntp serv 180.40.7.98
R2(config)#^Z
R2#config t
Aug 13 05:01:24.578: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~180.40.7.98      192.10.32.254     5     0    64    0    37.8  -61545  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~180.40.7.98      192.10.32.254     5     0    64    1    38.0   -0.01  15875.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#sh clock
22:05:55.040 UTC Fri Feb 10 2006
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#tim
R2(config)#time-range ?
  WORD  Time range name
R2(config)#clock ?
  summer-time  Configure summer (daylight savings) time
  timezone     Configure time zone
R2(config)#clock tim ?
  WORD  name of time zone
R2(config)#clock tim PST
% Incomplete command.
R2(config)#clock tim PST ?
  <-23 - 23>  Hours offset from UTC
R2(config)#clock tim PST -8
R2(config)#^Z
R2#sh clock
14:06:26.416 PST Fri Feb 10 2006
R2#
Feb 10 22:06:24.753: %SYS-5-CONFIG_I: Configured from console by console
R2#sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active)
R2#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.101.1
Trying 17.57.101.1 ... Open
R2#q
[Connection to 17.57.101.1 closed by foreign host]
S5#
RACK13AS>2
[Resuming connection 2 to r2 ... ]
R2#sh run | b access
access-list 100 permit ip any any time-range Prob4
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 access-class 100 in
 privilege level 15
 no login
!
ntp server 180.40.7.98
time-range Prob4
 periodic daily 9:00 to 20:00
!
 --More--
R2#
RACK13AS>4
[Resuming connection 4 to r4 ... ]
Feb
R4#config t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#int at,m    m1/0
R4(config-if)#no ip int Prob2 out
^
% Invalid input detected at '^' marker.
R4(config-if)#no ip int Prob2 out Prob2 out s Prob2 outp Prob2 out
R4(config-if)#exit
R4(config)#access-list 101 per tcp any any ?
  ack          Match on the ACK bit
  dscp         Match packets with given dscp value
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  fragments    Check non-initial fragments
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  rst          Match on the RST bit
  syn          Match on the SYN bit
  time-range   Specify a time-range
  tos          Match packets with given TOS value
  urg          Match on the URG bit
R4(config)#ip access-list
Feb 10 22:08:42.627: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(13300) -> 192.10.32.13(179), 1 packet
R4(config)#ip access-list ex Prob5out
R4(config-ext-nacl)#per tcp any any ?
  ack          Match on the ACK bit
  dscp         Match packets with given dscp value
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  fragments    Check non-initial fragments
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  neq          Match only packets not on a given port number
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  reflect      Create reflexive access list entry
  rst          Match on the RST bit
  syn          Match on the SYN bit
  time-range   Specify a time-range
  tos          Match packets with given TOS value
  urg          Match on the URG bit
R4(config-ext-nacl)#per tcp any any ref
R4(config-ext-nacl)#per tcp any any reflect ?
  WORD  Access-list name
R4(config-ext-nacl)#per tcp any any reflect Prob5
R4(config-ext-nacl)#per udp any any reflect Prob5
R4(config-ext-nacl)#per icmp
R4(config-ext-nacl)#per icmp any any ?
  <0-255>                      ICMP message type
  administratively-prohibited  Administratively prohibited
  alternate-address            Alternate address
  conversion-error             Datagram conversion
  dod-host-prohibited          Host prohibited
  dod-net-prohibited           Net prohibited
  dscp                         Match packets with given dscp value
  echo                         Echo (ping)
  echo-reply                   Echo reply
  fragments                    Check non-initial fragments
  general-parameter-problem    Parameter problem
  host-isolated                Host isolated
  host-precedence-unreachable  Host unreachable for precedence
  host-redirect                Host redirect
  host-tos-redirect            Host redirect for TOS
  host-tos-unreachable         Host unreachable for TOS
  host-unknown                 Host unknown
  host-unreachable             Host unreachable
  information-reply            Information replies
  information-request          Information requests
  log                          Log matches against this entry
  log-input                    Log matches against this entry, including input interface
  mask-reply                   Mask replies
  mask-request                 Mask requests
  mobile-redirect              Mobile host redirect
  net-redirect                 Network redirect
  net-tos-redirect             Net redirect for TOS
  net-tos-unreachable          Network unreachable for TOS
  net-unreachable              Net unreachable
  network-unknown              Network unknown
  no-room-for-option           Parameter required but no room
  option-missing               Parameter required but not present
  packet-too-big               Fragmentation needed and DF set
  parameter-problem            All parameter problems
  port-unreachable             Port unreachable
  precedence                   Match packets with given precedence value
  precedence-unreachable       Precedence cutoff
  protocol-unreachable         Protocol unreachable
  reassembly-timeout           Reassembly timeout
  redirect                     All redirects
  reflect                      Create reflexive access list entry
  router-advertisement         Router discovery advertisements
  router-solicitation          Router discovery
                               solicitations
  source-quench                Source quenches
 --More--
R4(config-ext-nacl)#per icmp any any ref
R4(config-ext-nacl)#per icmp any any reflect Prob5
R4(config-ext-nacl)#exit
R4(config)#ip access-list ex Prob5in
R4(config-ext-nacl)#
R4(config-ext-nacl)#per udp any any eq ntp
R4(config-ext-nacl)#ev
R4(config-ext-nacl)#evaluate Prob5
R4(config-ext-nacl)#den ip any any loog
^
% Invalid input detected at '^' marker.
R4(config-ext-nacl)#den ip any any log
R4(config-ext-nacl)#int atm 1/0
R4(config-if)#ip acces
R4(config-if)#ip access-group Prob5out
% Incomplete command.
R4(config-if)#ip access-group Prob5out out
R4(config-if)#
Feb 10 22:10:42.672: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.10.32.254(13315) -> 192.10.32.13(179), 1 packet
R4(config-if)#ip access-group Prob5in in
R4(config-if)#^Z
R4#
Feb 10 22:10:50.332: %SYS-5-CONFIG_I: Configured from console by console
R4#sh run int atm 1/0
Building configuration...
Current configuration : 212 bytes
!
interface ATM1/0
 ip address 192.10.32.13 255.255.255.0
 ip access-group Prob5in in
 ip access-group Prob5out out
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
end
R4#^x3
% Unknown command or computer name, or unable to find computer address
R4#
R4#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#ping 192.10.32.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.10.32.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
R3#
RACK13AS>4
[Resuming connection 4 to r4 ...
]
R4#sh access-list
Standard IP access list IPNAT
    10 permit 180.40.7.0, wildcard bits 0.0.0.255 (4 matches)
    20 permit 17.0.0.0, wildcard bits 0.255.255.255 (3 matches)
Extended IP access list 100
    10 permit udp any any eq ntp (78 matches)
    20 deny ip any any log (14 matches)
Reflexive IP access list Prob5
     permit icmp host 192.10.32.254 host 192.10.32.13 (19 matches) (time left 294)
Extended IP access list Prob5in
    10 permit udp any any eq ntp
    20 evaluate Prob5
    30 deny ip any any log
Extended IP access list Prob5out
    10 permit tcp any any reflect Prob5
    20 permit udp any any reflect Prob5
    30 permit icmp any any reflect Prob5 (9 matches)
R4#sh run | i access-list
ip access-list standard IPNAT
ip access-list extended Prob5in
ip access-list extended Prob5out
access-list 100 permit udp any any eq ntp
access-list 100 deny ip any any log
R4#
Feb 10 22:12:42.713: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(13330) -> 192.10.32.13(179), 1 packet
R4#sh run | b interface ATM1/0
interface ATM1/0
 ip address 192.10.32.13 255.255.255.0
 ip access-group Prob5in in
 ip access-group Prob5out out
 ip nat outside
 no atm ilmi-keepalive
 pvc 0/72
  protocol ip 192.10.32.254 broadcast
 !
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list IPNAT interface ATM1/0 overload
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list standard IPNAT
 permit 180.40.7.0 0.0.0.255
 permit 17.0.0.0 0.255.255.255
!
ip access-list extended Prob5in
 permit udp any any eq ntp
 evaluate Prob5
 deny ip any any log
ip access-list extended Prob5out
 permit tcp any any reflect Prob5
 permit udp any any reflect Prob5
 permit icmp any any reflect Prob5
access-list 100 permit udp any any eq ntp
access-list 100 deny ip any any log
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 --More--
R4#
Feb 10 22:14:42.726: %SEC-6-IPACCESSLOGP: list Prob5in denied tcp 192.10.32.254(13345) -> 192.10.32.13(179), 1 packet
R4#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#tac
R1(config)#tacacs-server 17.57.100.99 ?
% Unrecognized command
R1(config)#tacacs-server ?
  administration      Start tacacs+ daemon handling administrative messages
  directed-request    Allow user to specify tacacs server to use with `@server'
  dns-alias-lookup    Enable IP Domain Name System Alias lookup for TACACS servers
  extended            Enable extended TACACS
  host                Specify a TACACS server
  key                 Set TACACS+ encryption key.
  last-resort         Define TACACS action if no server responds
  optional-passwords  The first TACACS request can be made without password verification
  packet              Modify TACACS+ packet options
  retransmit          Search iterations of the TACACS server list
  timeout             Time to wait for a TACACS server to reply
R1(config)#tacacs-server hos ?
  Hostname or A.B.C.D  IP address of TACACS server
R1(config)#tacacs-server hos 17.57.100.99
R1(config)#tacacs-server key ?
  0     Specifies an UNENCRYPTED key will follow
  7     Specifies HIDDEN key will follow
  LINE  The UNENCRYPTED (cleartext) shared key
R1(config)#tacacs-server key MyKey ?
  LINE
R1(config)#tacacs-server key MyKey
R1(config)#aa ne
% Ambiguous command: "aa ne"
R1(config)#aaa new
R1(config)#aaa new-model
R1(config)#aaa authen
R1(config)#aaa authentication ?
  arap             Set authentication lists for arap.
  attempts         Set the maximum number of authentication attempts
  banner           Message to use when starting login/authentication.
  enable           Set authentication list for enable.
  fail-message     Message to use for failed login/authentication.
  login            Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp              Set authentication lists for ppp.
  sgbp             Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authentication login ?
  WORD     Named authentication list.
  default  The default authentication list.
R1(config)#aaa authentication login def
R1(config)#aaa authentication login default ?
  enable       Use enable password for authentication.
  group        Use Server-group
  krb5         Use Kerberos 5 authentication.
  krb5-telnet  Allow logins only if already authenticated via Kerberos V Telnet.
  line         Use line password for authentication.
  local        Use local username authentication.
  local-case   Use case-sensitive local username authentication.
  none         NO authentication.
R1(config)#aaa authentication login default grou tac
R1(config)#aaa authentication login default grou tacacs+ ?
  enable      Use enable password for authentication.
  group       Use Server-group
  krb5        Use Kerberos 5 authentication.
  line        Use line password for authentication.
  local       Use local username authentication.
  local-case  Use case-sensitive local username authentication.
  none        NO authentication.
R1(config)#aaa authentication login default grou tacacs+ local ?
  enable  Use enable password for authentication.
  group   Use Server-group
  krb5    Use Kerberos 5 authentication.
  line    Use line password for authentication.
  none    NO authentication.
R1(config)#aaa authentication login default grou tacacs+ local
R1(config)#^Z
R1#
*Mar 1 17:39:57.301: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b line vty 0
line vty 0 4
!
!
end
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#^Z
R1#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1>end
Translating "end"
Translating "end"
% Unknown command or computer name, or unable to find computer address
R1>exit
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
*M
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa aut
R1(config)#aaa authe
R1(config)#aaa authentication            ?
authentication  authorization
R1(config)#aaa author ?
  auth-proxy       For Authentication Proxy Services
  cache            For AAA cache configuration
  commands         For exec (shell) commands.
  config-commands  For configuration mode commands.
  configuration    For downloading configurations from AAA server
  console          For enabling console authorization
  exec             For starting an exec (shell).
  ipmobile         For Mobile IP services.
  network          For network services. (PPP, SLIP, ARAP)
  reverse-access   For reverse access connections
  template         Enable template authorization
R1(config)#^Z
R1#sh run
*Mar 1 17:42:04.505: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b user
username JoeUser privilege 4 password 0 cisco
username jb privilege 15 password 0 cisco
!
!
!
!
interface Ethernet0/0
 ip address 17.57.100.1 255.255.255.0
 half-duplex
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 180.40.7.34 255.255.255.224
 ip ospf network point-to-multipoint
 frame-relay interface-dlci 103
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
 --More--
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa autho
R1(config)#aaa authorization ?
  auth-proxy       For Authentication Proxy Services
  cache            For AAA cache configuration
  commands         For exec (shell) commands.
  config-commands  For configuration mode commands.
  configuration    For downloading configurations from AAA server
  console          For enabling console authorization
  exec             For starting an exec (shell).
  ipmobile         For Mobile IP services.
  network          For network services. (PPP, SLIP, ARAP)
  reverse-access   For reverse access connections
  template         Enable template authorization
R1(config)#aaa authorization comm
R1(config)#aaa authorization commands ?
  <0-15>  Enable level
R1(config)#aaa authorization commands 4 ?
  WORD     Named authorization list.
  default  The default authorization list.
R1(config)#aaa authorization commands 4 default ?
  group             Use server-group.
  if-authenticated  Succeed if user has authenticated.
  local             Use local database.
  none              No authorization (always succeeds).
R1(config)#aaa authorization commands 4 default local ?
  group             Use server-group.
  if-authenticated  Succeed if user has authenticated.
  none              No authorization (always succeeds).
R1(config)#aaa authorization commands 4 default local if ?
  group  Use server-group.
  none   No authorization (always succeeds).
R1(config)#aaa authorization commands 4 default local if
R1(config)#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
Username: JoeUser
Password:
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#aaa authorization ?
  auth-proxy       For Authentication Proxy Services
  cache            For AAA cache configuration
  commands         For exec (shell) commands.
  config-commands  For configuration mode commands.
  configuration    For downloading configurations from AAA server
  console          For enabling console authorization
  exec             For starting an exec (shell).
  ipmobile         For Mobile IP services.
  network          For network services. (PPP, SLIP, ARAP)
  reverse-access   For reverse access connections
  template         Enable template authorization
R1(config)#aa
R1(config)#aaa
R1(config)#aaa authen
R1(config)#aaa authentication ?
  arap             Set authentication lists for arap.
  attempts         Set the maximum number of authentication attempts
  banner           Message to use when starting login/authentication.
  enable           Set authentication list for enable.
  fail-message     Message to use for failed login/authentication.
  login            Set authentication lists for logins.
  password-prompt  Text to use when prompting for a password
  ppp              Set authentication lists for ppp.
  sgbp             Set authentication lists for sgbp.
  username-prompt  Text to use when prompting for a username
R1(config)#aaa authentication us
R1(config)#aaa authentication username-prompt ?
  WORD  Text of prompt
R1(config)#aaa authentication username-prompt ?
  WORD  Text of prompt
R1(config)#aaa authentication username-prompt CCIEUsername:
R1(config)#aaa authentication pass
R1(config)#aaa authentication password-prompt CCIE_Password:
R1(config)#aaa authentication username-prompt CCIE_Username:
R1(config)#aaa authen
R1(config)#aaa authentication ba
R1(config)#aaa authentication banner ?
  LINE  c message-text c, where 'c' is a delimiting character
R1(config)#aaa authentication banner #
Enter TEXT message. End with the character '#'.
Keep out....dogs inside
Yo momma
#
R1(config)#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE_Username:
% CCIE_Username: timeout expired!
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#aaa authentication log
R1(config)#aaa authentication login ba
R1(config)#aaa authentication login ban
R1(config)#ban
R1(config)#banner ?
  LINE            c banner-text c, where 'c' is a delimiting character
  exec            Set EXEC process creation banner
  incoming        Set incoming terminal line banner
  login           Set login banner
  motd            Set Message of the Day banner
  prompt-timeout  Set Message for login authentication timeout
  slip-ppp        Set Message for SLIP/PPP
R1(config)#banner motd #
Enter TEXT message. End with the character '#'.
banner motd #  banner motd ## Yo mommaKeep out....dogs insideaaa authentication banner #Keep out....dogs inside  Keep out....dogs insidebanner motd #
R1(config)#banner motd #
RACK13AS>5
[Resuming connection 5 to r5 ... ]
[Con
S5#17.57.100.1
Trying 17.57.100.1 ...
Open
Keep out....dogs inside
banner motd
CCIE_Username:JoeUser
CCIE_Password:
R1>q
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#aaa authe
R1(config)#aaa authentication b
R1(config)#aaa authentication banner ?
  LINE  c message-text c, where 'c' is a delimiting character
R1(config)#no bann motd
R1(config)#
RACK13AS>
[Resuming connection 1 to r1 ... ]
R1(config)#^Z
R1#
*Mar 1 17:51:24.511: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b aaa
aaa new-model
!
!
aaa authentication banner ^C
Keep out....dogs inside
Yo momma
^C
aaa authentication password-prompt CCIE_Password:
aaa authentication username-prompt CCIE_Username:
aaa authentication login default group tacacs+ local
aaa authorization commands 4 default local if-authenticated
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
 --More--
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ... Open
CCIE_Username:
% CCIE_Username: timeout expired!
[Connection to 17.57.100.1 closed by foreign host]
S5#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
!
 --More--
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#aaa ath
R1(config)#aaa autho
R1(config)#aaa authorization ex
R1(config)#aaa authorization exec ?
  WORD     Named authorization list.
  default  The default authorization list.
R1(config)#aaa authorization exec defa
R1(config)#aaa authorization exec default ?
  group             Use server-group.
  if-authenticated  Succeed if user has authenticated.
  krb5-instance     Use Kerberos instance privilege maps.
  local             Use local database.
  none              No authorization (always succeeds).
R1(config)#aaa authorization exec default local
R1(config)#
RACK13AS>5
[Resuming connection 5 to r5 ... ]
S5#17.57.100.1
Trying 17.57.100.1 ...
Open
CCIE_Username:JoeUser
CCIE_Password:
R1#q
[Connection to 17.57.100.1 closed by foreign host]
S5#
S5#
RACK13AS>1
[Resuming connection 1 to r1 ... ]
R1(config)#^Z
R1#sh run
*Mar 1 17:53:03.189: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | b aaa
aaa new-model
!
!
aaa authentication banner ^C
Keep out....dogs inside
Yo momma
^C
aaa authentication password-prompt CCIE_Password:
aaa authentication username-prompt CCIE_Username:
aaa authentication login default group tacacs+ local
aaa authorization exec default local
aaa authorization commands 4 default local if-authenticated
aaa session-id common
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
 --More--
R1#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#user George pass bosco
R3(config)#ip access-list ex Prob9
R3(config-ext-nacl)#do sh ip proto
Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 180.40.7.129
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    0.0.0.0 255.255.255.255 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
    17.57.101.2          110      17:50:50
    180.40.7.35          110      17:50:50
    180.40.7.34          110      17:50:50
    192.10.32.13         110      17:50:50
  Distance: (default is 110)
R3(config-ext-nacl)#per osp any any
R3(config-ext-nacl)#per udp any any eq ntp
R3(config-ext-nacl)#dy
R3(config-ext-nacl)#dynamic ?
  WORD  Name of a Dynamic list
R3(config-ext-nacl)#dynamic Prob9D ?
  deny     Specify packets to reject
  exit     Exit from access-list configuration mode
  permit   Specify packets to forward
  timeout  Maximum time for dynamic ACL to live
R3(config-ext-nacl)#dynamic Prob9D tim ?
  <1-9999>  Maximum time to live
R3(config-ext-nacl)#dynamic Prob9D tim 60 ?
  deny    Specify packets to reject
  exit    Exit from access-list configuration mode
  permit  Specify packets to forward
R3(config-ext-nacl)#dynamic Prob9D tim 60 ?
  deny    Specify packets to reject
  exit    Exit from access-list configuration mode
  permit  Specify packets to forward
R3(config-ext-nacl)#dynamic Prob9D tim 60 per ?
  <0-255>  An IP protocol number
  ahp      Authentication Header Protocol
  eigrp    Cisco's EIGRP routing protocol
  esp      Encapsulation Security Payload
  gre      Cisco's GRE tunneling
  icmp     Internet Control Message Protocol
  igmp     Internet Gateway Message Protocol
  ip       Any Internet Protocol
  ipinip   IP in IP tunneling
  nos      KA9Q NOS compatible IP over IP tunneling
  ospf     OSPF routing protocol
  pcp      Payload Compression Protocol
  pim      Protocol Independent Multicast
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol
R3(config-ext-nacl)#dynamic Prob9D tim 60 per ip any any ?
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos         Match packets with given TOS value
R3(config-ext-nacl)#dynamic Prob9D tim 60 per ip any any
R3(config-ext-nacl)#int fa 0/1
R3(config-if)#ip access
R3(config-if)#ip access-group Prob9 in
R3(config-if)#line vty 0 4
R3(config-line)#login local
R3(config-line)#do sh run | b line vty
line vty 0 4
 privilege level 15
 login local
!
ntp authentication-key 1 md5 1063102D0C1A17 7
ntp clock-period 17208190
ntp server 180.40.7.98 key 1
!
end
R3(config-line)#no privilege level 15
R3(config-line)#^Z
R3#
Feb 10 22:36:42.655: %SYS-5-CONFIG_I: Configured from console by console
R3#
RACK13AS>6
[Resuming connection 6 to r6 ... ]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
S6#180.40.
RACK13AS>3
[Resuming connection 3 to r3 ...
]
R3#sh access-list
Extended IP access list Prob9
    10 permit ospf any any (11 matches)
    20 permit udp any any eq ntp (7 matches)
    30 Dynamic Prob9D permit ip any any
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip acces ex prob9
R3(config-ext-nacl)#ip acces ex Prob9
R3(config-ext-nacl)#25 per tcp any 180.40.7.129
% Incomplete command.
R3(config-ext-nacl)#25 per tcp any host 180.40.7.129
R3(config-ext-nacl)#25 per tcp any host 180.40.7.33
% Duplicate sequence number
R3(config-ext-nacl)#26 per tcp any host 180.40.7.33
R3(config-ext-nacl)#27 per tcp any host 180.40.7.3
R3(config-ext-nacl)#^Z
R3#
Feb 10 22:39:25.065: %SYS-5-CONFIG_I: Configured from console by console
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip acces ex Prob9
R3(config-ext-nacl)#no 25
R3(config-ext-nacl)#no 26
R3(config-ext-nacl)#no 27
R3(config-ext-nacl)#25 per tcp any host 180.40.7.129 eq 23
R3(config-ext-nacl)#26 per tcp any host 180.40.7.33 eq 23
R3(config-ext-nacl)#27 per tcp any host 180.40.7.3 eq 23
R3(config-ext-nacl)#^Z
R3#
Feb 10 22:40:13.642: %SYS-5-CONFIG_I: Configured from console by console
R3#
RACK13AS>6
[Resuming connection 6 to r6 ...
]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
R3>q
[Connection to 180.40.7.129 closed by foreign host]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
U.U
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line vty 0 4
R3(config-line)#au
R3(config-line)#auto-c
R3(config-line)#auto-c  ?
autobaud  autocommand  autocommand-options  autohangup  autoselect
R3(config-line)#autocom
R3(config-line)#autocommand?
autocommand  autocommand-options
R3(config-line)#exit
R3(config)#user George ?
  access-class         Restrict access by access-class
  autocommand          Automatically issue a command after the user logs in
  callback-dialstring  Callback dialstring
  callback-line        Associate a specific line with this callback
  callback-rotary      Associate a rotary group with this callback
  dnis                 Do not require password when obtained via DNIS
  nocallback-verify    Do not require authentication after callback
  noescape             Prevent the user from using an escape character
  nohangup             Do not disconnect after an automatic command
  nopassword           No password is required for the user to log in
  password             Specify the password for the user
  privilege            Set user privilege level
  secret               Specify the secret for the user
  user-maxlinks        Limit the user's number of inbound links
R3(config)#user George auto
R3(config)#user George autocommand ?
  LINE  Command to be automatically issued after the user logs in
R3(config)#user George autocommand access-enable ?
  LINE
R3(config)#user George autocommand access-enable timeout 120
R3(config)#
RACK13AS>6
[Resuming connection 6 to r6 ...
]
.U
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
% Login invalid
Username: George
Password:
[Connection to 180.40.7.129 closed by foreign host]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3(config)#^Z
R3#sh acces
Feb 10 22:43:11.265: %SYS-5-CONFIG_I: Configured from console by console
R3#sh access-list
Extended IP access list Prob9
    10 permit ospf any any (44 matches)
    20 permit udp any any eq ntp (27 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (231 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    30 Dynamic Prob9D permit ip any any
       permit ip any any (5 matches) (time left 7168)
Extended IP access list prob9
R3#
R3#
R3#
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#user George autocommand access-enable timeout 2
R3(config)#^Z
R3#
Feb 10 22:44:06.585: %SYS-5-CONFIG_I: Configured from console by console
R3#
R3#sh access-list
Extended IP access list Prob9
    10 permit ospf any any (50 matches)
    20 permit udp any any eq ntp (31 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (231 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    30 Dynamic Prob9D permit ip any any
       permit ip any any (5 matches) (time left 7112)
Extended IP access list prob9
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int fa 0/1
R3(config-if)#no ip access-list Prob9 in
^
% Invalid input detected at '^' marker.
R3(config-if)#no ip access-grou Prob9 in
R3(config-if)#ip access-grou Prob9 in
R3(config-if)#^Z
R3#sh ACCE
Feb 10 22:44:52.798: %SYS-5-CONFIG_I: Configured from console by console
R3#sh ACCEess
^
% Invalid input detected at '^' marker.
R3#sh ACCess-list
Extended IP access list Prob9
    10 permit ospf any any (54 matches)
    20 permit udp any any eq ntp (32 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (231 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    30 Dynamic Prob9D permit ip any any
       permit ip any any (5 matches) (time left 7063)
Extended IP access list prob9
R3#^Z
R3#cofnig t
^
% Invalid input detected at '^' marker.
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int fa 0/1
R3(config-if)#shut
R3(config-if)#
Feb 10 22:45:12.775: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.130 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
R3(config-if)#do sh
Feb 10 22:45:14.774: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Feb 10 22:45:15.776: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R3(config-if)#do sh access-list
Extended IP access list Prob9
    10 permit ospf any any (55 matches)
    20 permit udp any any eq ntp (35 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (231 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    30 Dynamic Prob9D permit ip any any
       permit ip any any (5 matches) (time left 7045)
Extended IP access list prob9
R3(config-if)#no hsut
^
% Invalid input detected at '^' marker.
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#ip acce
Feb 10 22:45:37.180: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
R3(config)#ip access-list e
Feb 10 22:45:39.732: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Feb 10 22:45:40.734: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R3(config)#ip access-list ex Prob9
R3(config-ext-nacl)#no 30
R3(config-ext-nacl)#
Feb 10 22:45:47.485: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R3(config-ext-nacl)#do sh access-list
Extended IP access list Prob9
    10 permit ospf any any (57 matches)
    20 permit udp any any eq ntp (35 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (231 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
Extended IP access list prob9
R3(config-ext-nacl)# Dynamic Prob9D permit ip any any
R3(config-ext-nacl)#^Z
R3#
RACK13AS>6
[Resuming connection 6 to r6 ... ]
18:
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username:
RACK13AS>3
[Resuming connection 3 to r3 ... ]
Fe
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip access-list ex Prob9
R3(config-ext-nacl)# Dynamic Prob9D permit ip any any ?
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos         Match packets with given TOS value
R3(config-ext-nacl)# Dynamic Prob9D permit ip any any
Feb 10 22:46:28.741: %OSPF-5-ADJCHG: Process 1, Nbr 180.40.7.130 on FastEthernet0/1 from LOADING to FULL, Loading Done
R3(config-ext-nacl)# Dynamic Prob9D ?
  deny     Specify packets to reject
  exit     Exit from access-list configuration mode
  permit   Specify packets to forward
  timeout  Maximum time for dynamic ACL to live
R3(config-ext-nacl)# Dynamic Prob9D tim
R3(config-ext-nacl)# Dynamic Prob9D timeout ?
  <1-9999>  Maximum time to live
R3(config-ext-nacl)# Dynamic Prob9D timeout 60 ?
  deny    Specify packets to reject
  exit    Exit from access-list configuration mode
  permit  Specify packets to forward
R3(config-ext-nacl)# Dynamic Prob9D timeout 60 per ip any any ?
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  precedence  Match packets with given precedence value
  time-range  Specify a time-range
  tos         Match packets with given TOS value
R3(config-ext-nacl)# Dynamic Prob9D timeout 60 per ip any any
% Only one dynamic entry can be configured per ACL
R3(config-ext-nacl)# Dynamic Prob9D timeout 60 per ip any anyno 30
^
% Invalid input detected at '^' marker.
R3(config-ext-nacl)#no 30
R3(config-ext-nacl)#no 30 Dynamic Prob9D timeout 60 per ip any anyno 30
^
% Invalid input detected at '^' marker.
R3(config-ext-nacl)# Dynamic Prob9D timeout 60 per ip any any
% Only one dynamic entry can be configured per ACL
R3(config-ext-nacl)#do sh access-list
Extended IP access list Prob9
    10 permit ospf any any (78 matches)
    20 permit udp any any eq ntp (38 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (264 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    37 Dynamic Prob9D permit ip any any
Extended IP access list prob9
R3(config-ext-nacl)#no 37
R3(config-ext-nacl)# Dynamic Prob9D timeout 60 per ip any any
R3(config-ext-nacl)#^Z
R3#
Feb 10 22:47:29.638: %SYS-5-CONFIG_I: Configured from console by console
R3#
RACK13AS>6
[Resuming connection 6 to r6 ...
]
1
Username: George
Password:
% Login invalid
[Connection to 180.40.7.129 closed by foreign host]
S6#180.40.7.129
Trying 180.40.7.129 ... Open
User Access Verification
Username: George
Password:
[Connection to 180.40.7.129 closed by foreign host]
S6#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#sh access-list
Extended IP access list Prob9
    10 permit ospf any any (83 matches)
    20 permit udp any any eq ntp (39 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (417 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    37 Dynamic Prob9D permit ip any any
       permit ip any any
Extended IP access list prob9
R3#
RACK13AS>6
[Resuming connection 6 to r6 ... ]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/44 ms
S6#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#sh access-list
Extended IP access list Prob9
    10 permit ospf any any (84 matches)
    20 permit udp any any eq ntp (39 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (417 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    37 Dynamic Prob9D permit ip any any
       permit ip any any (5 matches) (time left 116)
Extended IP access list prob9
R3#sh access-list
Extended IP access list Prob9
    10 permit ospf any any (85 matches)
    20 permit udp any any eq ntp (42 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (417 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    37 Dynamic Prob9D permit ip any any
       permit ip any any (5 matches) (time left 107)
Extended IP access list prob9
R3#
RACK13AS>6
[Resuming connection 6 to r6 ... ]
S6#ping 180.40.7.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.40.7.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms
S6#
RACK13AS>3
[Resuming connection 3 to r3 ... ]
R3#sh access-list
Extended IP access list Prob9
    10 permit ospf any any (86 matches)
    20 permit udp any any eq ntp (42 matches)
    25 permit tcp any host 180.40.7.129 eq telnet (417 matches)
    26 permit tcp any host 180.40.7.33 eq telnet
    27 permit tcp any host 180.40.7.3 eq telnet
    37 Dynamic Prob9D permit ip any any
       permit ip any any (10 matches) (time left 116)
Extended IP access list prob9
R3#sh run | b user
username George password 0 bosco
username George autocommand access-enable timeout 2
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 180.40.7.129 255.255.255.224
 ip access-group Prob9 in
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 180.40.7.33 255.255.255.224
 encapsulation frame-relay
 ip ospf network point-to-multipoint
 frame-relay map ip 180.40.7.34 301 broadcast
 frame-relay map ip 180.40.7.35 302 broadcast
!
interface Serial1/1
 no ip address
 shutdown
!
interface Serial1/2
 ip address 180.40.7.3 255.255.255.224
!
interface Serial1/3
 no ip address
 shutdown
!
interface Serial1/4
 no ip address
 shutdown
!
interface Serial1/5
 no ip address
 shutdown
!
interface Serial1/6
 no ip address
 shutdown
!
interface Serial1/7
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
!
no ip http server
no ip http secure-server
!
ip access-list extended Prob9
 permit ospf any any
 permit udp any any eq ntp
 permit tcp any host 180.40.7.129 eq telnet
 permit tcp any host 180.40.7.33 eq telnet
 permit tcp any host 180.40.7.3 eq telnet
 dynamic Prob9D timeout 60 permit ip any any
ip access-list extended prob9
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login local
!
ntp authentication-key 1 md5 1063102D0C1A17 7
ntp clock-period 17208212
ntp server 180.40.7.98 key 1
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#no ip access-list extended prob9
R3(config)#^Z
R3#
RACK13AS>2
[Resuming connection 2 to r2 ... ]
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#do sh acces-list
sh acces-list
^
% Invalid input detected at '^' marker.
R2(config)#do sh access-list
Extended IP access list 100
    10 permit ip any any time-range Prob4 (active) (2 matches)
R2(config)#access-list 101 per tcp any 17.57.101.0 0.0.0.255
R2(config)#ip tcp in
R2(config)#ip tcp intercept ?
  connection-timeout  Specify timeout for connection info
  drop-mode           Specify incomplete connection drop mode
  finrst-timeout      Specify timeout for FIN/RST
  list                Specify access-list to use
  max-incomplete      Specify maximum number of incomplete connections before clamping
  mode                Specify intercepting mode
  one-minute          Specify one-minute-sample watermarks for clamping
  watch-timeout       Specify timeout for incomplete connections in watch mode
R2(config)#ip tcp intercept list ?
  <100-199>  Extended access list number for intercept
  WORD       Access list name for intercept
R2(config)#ip tcp intercept list 101 ?
R2(config)#ip tcp intercept list 101
R2(config)#^Z
R2#sh ru
Feb 10 22:53:37.706: %SYS-5-CONFIG_I: Configured from console by console
R2#sh run | i ip inter
R2#sh run | i ip tcp
ip tcp intercept list 101
R2#sh run | i access-list 101
access-list 101 permit tcp any 17.57.101.0 0.0.0.255
R2#
R2#